A $20,000 iPhone and $2,000 USB cable are all you need to hack iOS

If you’ve got the skills, then spending a few grand on a special type of iPhone or iPad and a special USB-cable may be enough to truly hack the iPhone and expose all of its secrets. That’s not to say that it’s easy or legal to do so, but a huge investigation reveals details about the underworld of iPhone hacking, which appears to be a flourishing and lucrative business.

Priced at around $2,000 on the gray market, the proprietary Apple USB cable you need is called Kanzi, and it’s the only one that you can use to access special data buried in an iPhone, once you connect it to a computer. According to Motherboard’s months-long investigation, you also need to buy developer-fused iPhones that can cost you four or five figures — the iPhone 6 is $1,300, the iPhone 8 Plus costs $5,000, and the iPhone XR is a whopping $20,000.

These dev-fused devices are special types of iPhones that are used for testing and debugging purposes. Thus, the iPhones do not have all the standard software defenses enabled, and security researchers would be able to learn some of the secrets hidden behind the security in iOS.

Dev-fused iPhones that were never intended to escape Apple’s production pipeline have made their way to the gray market, where smugglers and middlemen sell them for thousands of dollars to hackers and security researchers. Using the information gleaned from probing a dev-fused device, researchers can sometimes parlay what they’ve learned into developing a hack for the normal iPhones hundreds of millions of people own.

Comparatively, the iPhone that you buy in stores is “prod-fused,” which means it can’t offer hackers access to the special dev mode. Here’s how one former Apple employee described it:

Prod fused means there’s a specific pin on the board that is ‘blown’ in the production phase. The board checks that pin to see if the device is prod or not. If it isn’t, and the firmware is dev version, then certain features are enabled.

While Apple has been trying its best not to lose access to any of the dev-fused phones it has made over the years, it looks like there’s a thriving black market for them and you can easily find a model to suit your needs.

“Well, I didn’t steal any device. I actually paid for them,” a reseller of def-fused iPhones told Motherboard. “As long as you don’t break [Apple’s] balls, or show an iPhone 11 prototype, or an unreleased device, they’re most likely cool with that.” Some of these devices are stolen from Foxconn, the report reveals, and the thieves don’t always know what they’ve managed to sneak out of factories. After all, many of these dev-fused phones look like regular devices. It’s only the software that’s different, since they’re running Switchboard instead of the commercial version of iOS.

Access to the iPhone’s underlying software may offer anyone precious tools that could be used to spy on iPhones, or find ways to jailbreak them. In the past few months alone, we’ve seen reports of iPhone hacks that involved the use of regular text messages. Those reports only detailed the kind of sophisticated hacks that were discovered, but there were no explanations about how those vulnerabilities were discovered in Apple’s iOS software.

The Motherboard article is worth a read, and you can check it out at this link.